Open Bug 1501082 Opened 6 years ago Updated 2 years ago

StoreUserInteractionAsPermission can be forged by a rogue content process

Tracking

()

Status:

NEW

Project Flags:

Fission Milestone

Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Reporter

Description

•

6 years ago

The PContent method StoreUserInteractionAsPermission accepts a principal from the content process and uses it to denote special permission bits indicating the user interacted with the page.

A rogue content process could supply whatever principal they wished; and use it to set permission bits. We should ensure the value is sane for the origins hosted by the content process.

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Priority: -- → P3

Whiteboard: [domsecurity-backlog2]

Chris Peterson [:cpeterson]

Comment 1

•

4 years ago

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

StoreUserInteractionAsPermission can be forged by a rogue content process

Categories

(Core :: DOM: Security, enhancement, P3)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated